Password encryption

Password encryption

Azimuddin Mohammed
Hello,
Is there a way I can encrypt the default password column of db user password. I know by default the password is encrypted as md5, can we encrypt that of shadow column for password?

Thanks in advance 

Re: Password encryption

Adrian Klaver-4
On 04/15/2018 05:22 PM, Azimuddin Mohammed wrote:
> Hello,
> Is there a way I can encrypt the default password column of db user
> password. I know by default the password is encrypted as md5, can we
> encrypt that of shadow column for password?

Are you talking about this view?:

https://www.postgresql.org/docs/10/static/view-pg-shadow.html

If so that is only readable by superusers:

production=# \c - aklaver
You are now connected to database "production" as user "aklaver".

production=> select * from pg_shadow ;
ERROR:  permission denied for relation pg_shadow

production=> \c - postgres
You are now connected to database "production" as user "postgres".

production=# select * from pg_shadow ;
     usename     | usesysid | usecreatedb | usesuper | userepl |
usebypassrls |               passwd                | valuntil | useconfig

...

Assuming someone is in your database as a superuser, access to the
password field in pg_shadow is pretty much moot.

>
> Thanks in advance


--
Adrian Klaver

Re: Password encryption

Ron-2
On 04/15/2018 07:22 PM, Azimuddin Mohammed wrote:
> Hello,
> Is there a way I can encrypt the default password column of db user password. I know by default the password is encrypted as md5, can we encrypt that of shadow column for password?

MD5 is a one-way hash, not an encryption scheme.  Thus, the password cannot be reverse-computed from the MD5 hash value.  So, you're (kinda) safe, although an attacker could determine the password through brute-force calculation of hashes.


--
Angular momentum makes the world go 'round.
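
The hash-versus-encryption point above, shown on the values that pg_shadow.passwd actually holds; this is an added example, not part of the original thread. It derives the md5 form and the SCRAM-SHA-256 form that PostgreSQL 10 can store instead, then classifies rows so md5 roles can be found; the function names, role names, password and sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

def pg_md5_verifier(password, username):
    # Stored form for an md5 role: "md5" + md5(password || username).
    # The only salt is the role name, so the value is fully deterministic.
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def pg_scram_verifier(password, salt, iterations=4096):
    # SCRAM-SHA-256 keys (RFC 5802 / RFC 7677) in PostgreSQL's stored layout.
    # Assumption: ASCII password, so the SASLprep normalization is a no-op.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return (f"SCRAM-SHA-256${iterations}:{b64(salt)}"
            f"${b64(stored_key)}:{b64(server_key)}")

MD5_RE = re.compile(r"md5[0-9a-f]{32}")
B64 = r"[A-Za-z0-9+/]+=*"
SCRAM_RE = re.compile(rf"SCRAM-SHA-256\$\d+:{B64}\${B64}:{B64}")

def classify(passwd):
    if passwd is None:
        return "no password"
    if MD5_RE.fullmatch(passwd):
        return "md5"
    if SCRAM_RE.fullmatch(passwd):
        return "scram-sha-256"
    return "unrecognized"

def audit(rows):
    # rows are (usename, passwd) pairs; returns {role: scheme}
    return {name: classify(passwd) for name, passwd in rows}

# Constructed rows standing in for: SELECT usename, passwd FROM pg_shadow
SAMPLE_ROWS = [
    ("app_rw", pg_md5_verifier("example-pass", "app_rw")),
    ("app_ro", pg_scram_verifier("example-pass", os.urandom(16))),
    ("nologin_owner", None),
]

if __name__ == "__main__":
    for role, scheme in audit(SAMPLE_ROWS).items():
        print(f"{role:15} {scheme}")
```

Roles reported as md5 can be moved to the salted, iterated form by setting password_encryption = 'scram-sha-256' (PostgreSQL 10 and later) and then resetting each password.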